It was a testing weekend for Cool Ideas customers, with access to international online services proving hard to come by.
During the inaccessibility, the local internet service provider sent out text messages to its customers noting that it was aware of the problem and was working on fixing the issue.
By midday on Sunday access to services returned for many customers, but now we know what the cause of the disruption to service was – yet another DDoS attack.
The ISP sent out a mail to customers confirming the attack, as well as how it has responded to such attacks over the past few months, along with how it aims to prevent them/react more timely moving forward.
“On Saturday 23 November at 10:30 am our DDOS alarms went off, and engineers reviewed the new attack profiles. Our automatic mitigation systems had already started scrubbing the ‘dirty’ traffic earlier on our recently upgraded London infrastructure. This scrubbing infrastructure was implemented as the result of projects initiated after the previous attacks in September,” the Cool Ideas mail explained.
“As per our previous communication we had a plan, and we didn’t stick our heads in the sand waiting for things to happen, so after the postseason -mortem in September we embarked on major upgrades and additional Zombie mitigation projects,” it adds.
As with the aforementioned September attacks, it looks like Cool Ideas upgrades are yielding dividends, and at the very least resulting in a reduction of downtime.
The ISP is not alone when it comes dealing with DDoS attacks, with a massive amount occurring in September. With DDoS attacks showing no signs of slowing down for South African internet users this year, the next question is what Cool Ideas plans to do in order to handle these types of situations more effectively.
To that end, the ISP says it is currently in the process of configuring scrubbing capacity with specialised facilities in the UK and USA.
“We will still keep using our additional capacity and existing detection and scrubbing systems, but if a larger volume attacks happens we will be able to hand-off the bulk of it to a more specialised provider,” it concludes.